We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 1014 - SDL_ConvertAudio crashes

Summary: SDL_ConvertAudio crashes

Status:	RESOLVED FIXED

Alias:	None

Product:	SDL
Classification:	Unclassified
Component:	audio (show other bugs)
Version:	HG 2.0
Hardware:	x86 Windows 7

Importance:	P2 critical
Assignee:	Ryan C. Gordon
QA Contact:	Sam Lantinga

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-07-01 02:09 UTC by Mārtiņš Možeiko
Modified:	2012-01-08 14:11 UTC (History)
CC List:	0 users

See Also:

Attachments
Reproducing crash (573 bytes, text/plain) 2010-07-01 02:10 UTC, Mārtiņš Možeiko	Details
patch for sdlgenaudiocvt.pl (2.18 KB, patch) 2010-12-15 07:41 UTC, Mark.Howson	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mārtiņš Možeiko 2010-07-01 02:09:21 UTC

When converting AUDIO_S16, 16kHz, 1 channel audio to AUDIO_S16, 44.1kHz, 2 channel  crash occurs in SDL_ConvertAudio function. Crash happens somewhere in SDL_Upsample_S16LSB_2c function.

I'm using MSVC2008 to build SDL from hg.

Code to reproduce crash is attached. Same code with SDL-1.2.14 runs fine and prints out: "Converted from 10 to 40"

Comment 1 Mārtiņš Možeiko 2010-07-01 02:10:29 UTC

Created attachment 513 [details]
Reproducing crash

Comment 2 Mark.Howson 2010-12-15 07:41:49 UTC

Created attachment 549 [details]
patch for sdlgenaudiocvt.pl

Comment 3 Mark.Howson 2010-12-15 07:45:25 UTC

Reproducible here under Windows and Linux. Looking at the code for SDL_Upsample_S16LSB_2c:

const int dstsize = (int) (((double)cvt->len_cvt) * cvt->rate_incr);
Sint16 *dst = ((Sint16 *) (cvt->buf + dstsize)) - 2;
const Sint16 *target = ((const Sint16 *) cvt->buf) - 2;
while (dst > target) {
   dst[1] = ((Sint16) SDL_SwapLE16(sample1));
   dst[0] = ((Sint16) SDL_SwapLE16(sample0));
   dst -= 2;
...

if dstsize is odd (and therefore dst), it'll write to target[1] which is one byte before the allocated buf.

The attached patch to sdlgenaudiocvt.pl changes dst > target to dst >= target, and removes the - $channels for the upsample case. The patch is not fully tested, but seems to work here.

Comment 4 Sam Lantinga 2012-01-08 14:11:28 UTC

Looks good, thanks!
http://hg.libsdl.org/SDL/rev/ba275696ab7a

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.